11 Proactive Security: successfully blocking Zotob
The picture above shows effectiveness against the 6 variants known to date of malicious code exploiting the weakness addressed in MS bulletin , also known as the “Zotob worm”. The table shows the effectiveness of the AV engines without dedicated updates. Note that Webwasher Proactive Security blocked these worms without the help of a signature-based AV engine or any type of rule update.
Source: av-test.org
Source: AV-Test GmbH, August 2005

25 Webwasher URL Filter – Trusted Source
More than 6,000 Webwasher end customers have more than 12 million seats deployed, of which more than 5 million have Proactive Security filters.
Webwasher 6.0 introduces a smart feedback loop (optionally fully automated) for unknown URLs, spam and potentially unwanted programs; these are then sent back to the TrustedSource database and analyzed in one of our research centers.
This effectively gives us the world's largest database for malware, phishing and URLs that is actually relevant and not some arbitrary result of web crawlers and automated categorization. (Which we do too, but we see the results don’t achieve the quality level reached with real customer feedback.)

48 Webwasher SSL Scanner
-- Temporary decryption of SSL-encrypted web traffic.
-- Enables enterprises to apply their existing security and Internet usage policies to all key web protocols: HTTP, FTP and HTTPS.
-- “Doubles” the value of existing filters at minimal cost.
-- Unique combination of SSL filtering and central certificate management.
-- Secure to use, since no decrypted content is transmitted over the network.
-- Complies with data protection regulations.
-- Highly scalable.

Webwasher SSL Scanner enables enterprises to apply their existing security and Internet usage policies to ALL key Web protocols:
-- HTTP,
-- FTP, and
-- HTTPS.
Effectively, it closes the HTTPS security loophole. At the heart of Webwasher SSL Scanner is the module’s decryption policy, which allows normal content and security filters to be applied to encrypted content.

Decryption at the gateway
Decryption is possible at the gateway as a result of certificate-based coordination between the employee’s client browser and the corporate Web gateway/proxy.

Data privacy not compromised
While decrypted, data is always secure because it resides entirely within the main memory of a single gateway server. Data is then re-encrypted at the gateway for fully secure passage through the network to the employee’s browser.

Certificate handling
Users often give little thought to accepting certificates when they are presented with the standard “Yes/No” prompt. Yet, when employees unknowingly accept invalid certificates, they can be establishing ‘trusted’ connections with malicious third parties, connections that can then be misused.

Certificate check at the gateway
Certificate policies in Webwasher SSL Scanner allow administrators to relieve employees of this critical decision and centralize policies for accepting certificates at the gateway. Certificate policy is facilitated by two automated processes:
-- Trusted certificate authorities: allows administrators to define a company-wide policy regarding which authorities are to be trusted.
-- Certificate verification: a series of automated tests, including date checking and queries of certificate revocation lists, designed to establish the validity of each certificate. Webwasher routinely checks third-party lists of revoked certificates.

49 Scanning SSL encrypted traffic
[Diagram: Client, HTTPS Proxy, Scanning Engine and Web Server, with steps numbered 1 to 7]
-- Client/Proxy handshake
-- Proxy/Web server handshake
-- Certificate check
-- Server sends encrypted content
-- Content decrypted & scanned
-- Filtered content sent to proxy
-- Re-encrypted content to client

Webwasher’s ability to decrypt HTTPS content is dependent on the interaction between three entities involved in the communication: the client browser, the gateway proxy, and the website. This dialog resembles a “man-in-the-middle” scenario, but is unique because the interception of the encrypted content occurs entirely within the secured corporate network.

80 TrustedSource Integration
-- WW Anti-Spam integration
  -- Connection Control
  -- Additional method for detecting spam
-- URL Filter integration
  -- Spam and phishing sites/IPs are transmitted by TrustedSource to Webwasher URL Filter and SmartFilter
-- Feedback system
  -- Manual (default)
  -- Automated

Connection control determines whether the connection is even allowed to occur. This is new for Webwasher and a benefit that comes from TrustedSource. TrustedSource technology was also built into the Connection Control module of the Webwasher Anti-Spam module, proactively blocking connection requests from known spammers before the e-mail even enters the network. In addition, a customer can also create their own blacklists or white lists.
Input for Spam level determination: after the is delivered. can screen for spam in the input queue.
Webwasher URL Filter and SmartFilter receive feeds of spam and phishing sites from TrustedSource. Benefits all SCUR filtering customers starting in November.

88 Webwasher 6.0: Anti-Malware
-- The official release of our new Anti-Malware product (SAM, short for Secure Anti-Malware)
-- Currently in accreditation and certification at various testing bodies like AV-Test.org and ICSA
-- Proactive Security enhancements
-- Several new methods to enhance Spyware detection
-- Detect and block clients infected with Spyware (only in Anti-Malware)
-- White list subscription service (allows setting ProActive at a strict level while still being able to access sites that might otherwise be blocked)
-- Watermarking of forms to prevent unauthorized HTTP GET requests (only in Anti-Malware)

89 Webwasher 6.0: Mail Gateway enhancements
-- Centralized queue management
  -- Single view on all mail queues
-- Feedback queue and system
  -- Suspicious attachments and web objects are put into a special queue that may be released to the SecureLabs in Paderborn by the admin.
-- Resend digest
-- Self-tuning gateway performance (auto-adjust number of threads depending on current load)
-- “Address mapping”
  -- Who is allowed to send / receive mail
  -- Map an external name to an internal name and vice versa
  -- Easy way to set up distribution lists

Next let’s have a look at the enhancements to the mail gateway. One of the drawbacks of Anti-Spam deployments in the past had been that in a cluster deployment admins had to administer the queues on each appliance separately. With Webwasher 6.0 we introduced the concept of “virtual queues”, where the admin has access to all of the queues from the cluster server. This is a feature competitive vendors charge extra for.
With 6.0 we also introduce a special queue that gets populated automatically with suspicious files that Proactive Security identified as some form of malware. The administrator can then decide to release these samples to the SecureLabs for investigation.
Aside from the possibility of resending a digest (Webwasher didn’t have this before), the gateway can be set to a self-tuned mode, where it increases the number of threads up to a certain amount the system can handle. If this still isn’t enough, the Anti-Spam module reduces the number of filters applied to mails, effectively trading detection rate for performance.
Especially for large companies or for companies with a complicated (takeover etc.) infrastructure we introduced

90 Webwasher 6.0: Anti-Spam improvements
-- New Mailshell methods
  -- “Live scoring” with Mailshell’s SpamLabs
  -- Configuration of preferred language(s)
  -- New parameters to tweak performance
  -- Removed Bayes filter -> in Mailshell
-- New “fingerprinting” method
  -- Incl. feedback mechanism
-- Autom. “white listing”
  -- White list sender/recipient pairs as seen in outgoing e-mails
  -- White list e-mails released from the spam quarantine
  -- Admin and end-user access to edit the white lists
-- Integration TrustedSource & ConnectionControl
  -- Don’t accept connections from mail servers depending on reputation level
  -- If accepted: additional input for MethodMix spam score
  -- Test showed: expect 30-40% less traffic entering the mail gateway

Mailshell:
-- Live scoring: this means that we query Mailshell’s SpamLabs in real time (only fingerprints are transmitted).
-- Preferred language: allows setting a “home” country and a list of preferred language(s), which results in a higher spam score for messages in other languages (to address Russian, Korean, Chinese spam…).
-- Performance tweaking: allows setting parameters that increase throughput at the cost of scoring accuracy if desired.
One more note: we have removed our own Bayesian filter method, because it proved to be less reliable and screwed up the scoring. Mailshell has a Bayesian method included that we now use, which is more efficient and accurate.

91 Webwasher 6.0: GUI
-- A major update of the web interface, which makes the visual difference between the 5.x and 6.x versions
-- Remove toggle buttons
-- Relocation of tabs
-- Session-based GUI login
-- Audit log (back-ported to 5.3, and available in latest maintenance release already)
-- Ease of navigation (click history, links to internal requests)
-- Usage of more JavaScript and Ajax
-- Consistency (list editors, and other elements)
-- Ability to disable viewing Web vs. e-mail related settings
-- “Change Warner”
-- Import/export feature for error templates

Session-based GUI login: no longer using basic auth to the GUI; allows timing out the session and logging login/logout activity.
Ease of navigation: click history is just an example; there are several other minor enhancements. Links to internal requests, e.g. download/view of log files exposed in the GUI and several other requests that were previously hidden.
Change Warner: when the user leaves the current configuration page, a dialog pops up to prompt whether the admin wants to save, discard or cancel.


98 Webwasher 6.0
-- An integrated User Database, enabling NTLM authentication everywhere
-- “Transparent” authentication
-- Other features
  -- Detection of “unknown” scripts
  -- Dedicated ports for internal requests, to separate end user requests from admin requests
  -- Failover for all parent proxies
  -- Distributed updates
  -- IFP protocol support
-- Filter enhancements
  -- New option to delete attachments in customized action
  -- Enhanced phishing filter
-- Cluster enhanced to allow distribution of live data like quota information
-- Allow different authentication process for individual proxies
-- Webwasher appliance(s): NTP client configuration via GUI

Detection of unknown scripts: mimics IE's handling when determining whether a script that does NOT have a script name parameter is JavaScript or VBScript.
Failover for parent proxies: very flexible and powerful parent proxy implementation, getting us on par with proxy vendors.
Distributed updates: allow DB downloads (URL, AV etc.) on the master and then distribute to cluster members.

99 Webwasher® differentiators: Smart combination of filters
Unlike signature-based anti-virus vendors, the Proactive Security solution in Secure Computing’s Webwasher products does not depend on reactive and time-delayed updates. At its core, Proactive Security is based on the proactive filters for exploit methods and on heuristic code analysis. Additionally, the media type filter reliably checks the “magic-byte” of incoming content and selectively blocks content that is unwanted or not deemed safe. Because all executable files can be digitally signed, the built-in signature verification lets you easily determine whether an applet that, for example, says it comes from Microsoft was really created by Microsoft. At the same time Webwasher also contains the typical reactive security as found in its up to three anti-virus engines and the custom header, body and checksum filter.

100 Webwasher® differentiators: Proactive Security
Unlike signature-based anti-virus vendors, the Proactive Security solution in Secure Computing’s Webwasher products does not depend on reactive and time-delayed updates. At its core, Proactive Security is based on the proactive filters for exploit methods and on heuristic code analysis. Additionally, the media type filter reliably checks the “magic-byte” of incoming content and selectively blocks content that is unwanted or not deemed safe. Because all executable files can be digitally signed, the built-in signature verification lets you easily determine whether an applet that, for example, says it comes from Microsoft was really created by Microsoft. At the same time Webwasher also contains the typical reactive security as found in its up to three anti-virus engines and the custom header, body and checksum filter.
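
The “magic-byte” media type check mentioned on the two differentiator slides above, sketched as an added example (not Webwasher code): the gateway compares the Content-Type a server declares with the type implied by the first bytes of the body and blocks on a mismatch or on a blocked type. The signature subset, the blocked-type policy and all function names are assumptions made for this illustration.

```python
from typing import NamedTuple, Optional

# Leading-byte signatures -> media type. A small constructed subset for
# illustration; not Webwasher's actual signature list.
SIGNATURES = [
    (b"MZ", "application/x-msdownload"),   # Windows PE / DOS executable
    (b"\x7fELF", "application/x-elf"),     # ELF executable
    (b"%PDF-", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
]

# Assumed policy: executables are never allowed through the gateway.
BLOCKED_TYPES = {"application/x-msdownload", "application/x-elf"}


class Verdict(NamedTuple):
    allow: bool
    detected: Optional[str]
    reason: str


def sniff(body: bytes) -> Optional[str]:
    """Return the media type implied by the body's magic bytes, if known."""
    for magic, media_type in SIGNATURES:
        if body.startswith(magic):
            return media_type
    return None


def filter_response(declared_header: str, body: bytes) -> Verdict:
    """Decide on a response from its Content-Type header and its first bytes."""
    declared = declared_header.split(";", 1)[0].strip().lower()
    detected = sniff(body)
    if detected in BLOCKED_TYPES:
        return Verdict(False, detected, "content is a blocked media type")
    if detected is None:
        # No signature matched: only the header is left to judge by.
        allow = declared not in BLOCKED_TYPES
        return Verdict(allow, None, "no signature; decided on declared type")
    if detected != declared:
        return Verdict(False, detected, f"declared {declared}, content is {detected}")
    return Verdict(True, detected, "declared type matches content")


# Constructed samples: a PE executable served as an image, and a real PNG header.
DISGUISED_EXE = b"MZ\x90\x00" + b"\x00" * 60
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
```

The check trusts the bytes over the header, so an executable served as `image/gif` is blocked even though the declared type alone would pass a header-only filter.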
